Skip to content

Add support for Django ORM .raw method to SQL parameterization codemod #442

New issue
New issue
Open
Open
Add support for Django ORM .raw method to SQL parameterization codemod#442
Labels
enhancementNew feature or request
@drdavella

Description

@drdavella
drdavella
opened on Apr 4, 2024

Various ORMs (e.g. SQLAlchemy, Django) enable pass-thru execution of raw SQL queries. We need to consider these methods when finding and fixing potential SQL injection vulnerabilities. In the Django ORM specifically, this is enabled via the .raw method: https://docs.djangoproject.com/en/5.0/topics/db/sql/#performing-raw-sql-queries

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions